Not even security companies are safe from the wrath of Anonymous.
As part of LulzXmas, a week-long AntiSec operation, Anonymous attacked the security think tank Stratfor on Christmas Eve. The hack included the release of a private client list and reportedly 2.7 million emails, as well as bank and credit card information of Stratfor’s employees and subscribers (approximately 4,000).
The attack, however, has prompted members of the hacktivist collective to speak out against the cyber-assault.
Weeks ago, Anonymous uploaded a vague video onto YouTube promising virtual mayhem dubbed “LulzXmas,” an operation which promised to end the year with various web security breaches. As reported by the Daily Dot, another collective in the organization then promised to give “Santa a break this year” by pledging to siphon $1 million from bank accounts held by the wealthy.
That same LulzXmas video was posted on Stratfor on Christmas Eve. An Anonymous member told the Daily Dot earlier that AntiSec has had access to Stratfor in particular for months. The hack was particularly easy, as Stratfor’s data was not encrypted—an embarrassing move for a company that specializes in web-security advice.
AntiSec has also been using the personal information obtained to reportedly make donations to various charities, including the Red Cross and Save the Children.
Allen Barr, a victim who had recently retired from the Texas Department of Banking, told the Associated Press that $700 from his bank account had been donated to various charities, and that he and his wife felt “terrible.”
Cody Sultenfuss, a Homeland Security employee, also had his personal data breached. “”They took money I did not have,” wrote Sultenfuss in a series of emails to the Associated Press. “I think ‘Why me?’ I am not rich”.
The Stratfor release, the first done in the spirit of LulzXmas, has picked up considerable mainstream media attention, from the Wall Street Journal and the Washington Post to ABC News. The widely publicized hack has led many within the Anonymous ranks to denounce the act, calling it a “desperate attempt to gain attention” and making “no political sense.”
Some Anons felt so strongly against the hack, that they released an “emergency” statement on the text sharing site Pastebin, calling those involved with LulzXmas “opportunistic attention whores who are possibly agent provocateurs.”
The release goes on to state Anonymous does not attack news sources. As “a media source, Stratfor’s work is protected by the freedom of press, a principle which Anonymous values greatly.” (Stratfor’s clients include Al Jeezera and MSNBC.)
Andrew “Weev” Auernheimer, a federally indicted hacker and self-described professional troll, called the Stratfor hack simply “shitty defacement,” while Jeffrey Paul, coder for hire with many Anonymous friends, called it “attention-whoring at its finest.”
An AntiSec member the Daily Dot spoke with via private message also seemed to be on the fence about Stratfor, saying he has “moral issues with taking civilians money.” The AntiSec member went on to justify the act by saying those people who had money charged fraudulently will get their money back because of major credit card’s fraudulent charges policies.
While other Anonymous groups and supporters have trivialized the hack, the AntiSec member the Daily Dot spoke with said the attack was “worthwhile” and could reshape “protocol and policy” used.
“The purpose of Anti-security is to show everyone how insecure they really are,” wrote the AntiSec member. “Discrediting a large security focused organization is in line with the groups intent.”
Mashable reported that celebrities like Justin Bieber, Lady Gaga, Kim Kardashian and Taylor Swift are potential next targets, according to a tweet by @YourAnonNews. That was news to the AntiSec member the Daily Dot spoke with, who speculated that might have just been a “troll” tweet.
As for future targets, the AntiSec member would not elaborate. An inkling of the next target, however, comes from the Twitter account of Sabu, who’s believed to be one of the leaders of AntiSec. A couple hours ago, Sabu wrote that help for the Syrian people would be coming “very soon.”
In a recent Pastebin post puportedly written by an AntiSec member, the group addressed the Anonymous members who spoke out against LulzXmas. The Pastebin post specifically mentioned the opposing Pastebin release, saying it undermined the collective’s work and made “baseless accusations.” The release went on to say within Anonymous, “no individual is in a place to speak to the legitamacy of another individual or group’s operation” given Anonymous’ “inherent decentralized nature” and lack of apparent leaders.
Photo by Henk de Vries